From 28e78414f9175774f26d8c564c7c1d3b078f99de Mon Sep 17 00:00:00 2001
From: Georg Brandl <georg@python.org>
Date: Sun, 27 Oct 2013 07:29:47 +0100
Subject: Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to
 2048 to prevent readline() calls from consuming too much memory.  Patch by
 Jyrki Pulliainen.

---
 Lib/nntplib.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'Lib/nntplib.py')

diff --git a/Lib/nntplib.py b/Lib/nntplib.py
index 2de6ebd1b5..02cc37c1e2 100644
--- a/Lib/nntplib.py
+++ b/Lib/nntplib.py
@@ -85,6 +85,13 @@ __all__ = ["NNTP",
            "decode_header",
            ]
 
+# maximal line length when calling readline(). This is to prevent
+# reading arbitrary lenght lines. RFC 3977 limits NNTP line length to
+# 512 characters, including CRLF. We have selected 2048 just to be on
+# the safe side.
+_MAXLINE = 2048
+
+
 # Exceptions raised when an error or invalid response is received
 class NNTPError(Exception):
     """Base class for all nntplib exceptions"""
@@ -424,7 +431,9 @@ class _NNTPBase:
         """Internal: return one line from the server, stripping _CRLF.
         Raise EOFError if the connection is closed.
         Returns a bytes object."""
-        line = self.file.readline()
+        line = self.file.readline(_MAXLINE +1)
+        if len(line) > _MAXLINE:
+            raise NNTPDataError('line too long')
         if self.debugging > 1:
             print('*get*', repr(line))
         if not line: raise EOFError
-- 
cgit v1.2.1